Debian Security Advisory

DSA-5252-1 libreoffice -- security update

Date Reported:
12 Oct 2022
Affected Packages:
libreoffice
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2022-3140.
More information:

It was discovered that insufficient validation of vnd.libreoffice.command URI schemes could result in the execution of arbitrary macro commands.

For the stable distribution (bullseye), this problem has been fixed in version 1:7.0.4-4+deb11u4.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libreoffice